- From: by way of <Denis.Pinkas@bull.net>
- Date: Tue, 28 Sep 1999 16:05:59 -0400
- To: "IETF/W3C XML-DSig WG" <w3c-ietf-xmldsig@w3.org>
Call for Comments on draft ETSI Electronic Signature Standard Note: This message is posted to the following IETF mailing lists: PKIX: ietf-pkix@imc.org S-MIME: ietf-smime@imc.org XML DIG-SIG: w3c-ietf-xmldsig@w3.org If you subscribed to these mailing lists, you will receive the message for each of them. Sorry for the inconvenience. ETSI has issued the draft "Electronic signature standardisation for business transactions", ETSI ES 201 733 for a last round of comments, before asking its members to vote on the document. The draft standard (108 pages - 428 ko) is available from: http://docbox.etsi.org/tech-org/security/open/el-sign/Draft_ES_201733_v-1-1-3 .pdf The document has been developed by the ETSI SEC working group on Electronic Signature and Infrastructures, as part of the European Electronic Signature Standardisation Initiative (EESSI). It is issued as a draft ETSI standard for a last round of comments. Scope and contents of the draft The aim of the document is to provide specifications so as to allow for full compatibility of secure business transactions with regard to electronic signatures. It covers all types of business transactions, between an individual and a company, between two companies, between an individual and a governmental body, etc... Being independent of any platform, it can be applied to any environment, such as smart cards, GSM SIM cards, etc. Business actors, using different products, will be able to complete secure transactions by relying on the standard in order to create, read, interpret and validate electronic signatures. The standard offers simple and more advanced forms of signatures according to the signature policy, the latter in order to meet requirements of long-term validity. The document defines: · Formats for various forms of Electronic Signatures, · An experimental format for Signature Policies. The format of Electronic Signatures uses the existing Cryptographic Message Syntax (CMS), as defined in RFC 2630, and Enhanced Security Services (ESS), as defined in RFC 2634. It uses signed and unsigned attributes defined in CMS, ESS and the present document. The signature policy is a set of rules for the creation and validation of an electronic signature, under which the signature can be determined to be valid. It may be defined in free text or using formal syntax and semantic. In the first case the validation of an Electronic Signature may be done using a specific validation box that must conform to the description of the signature policy while in the second case the validation may be done using a generic validation box able to process any signature policy. Informative annexes describe: · an example structured content, · the relationship between the present document and the European draft directive on electronic signature and associated standardisation initiatives, · APIs to support the generation and the verification of electronic signatures, · Cryptographic algorithms that may be used, · Guidance on naming. In order to get a broader feedback from the technical and business communities ETSI has chosen to place the document in the public domain for comments rather than to limit it to its membership. Comments are welcome until October 31, 1999. After processing the comments the document will be placed on vote to become an ETSI standard, with the future option to seek acceptance by other standard bodies. Comments may be sent to the EL-SIGN mailing list. Before sending a message to the list, you need to subcribe to that mailing list: copy and paste the following command in the body of a message: SUBSCRIBE EL-SIGN (First and Last name) replace "first and last name" with your name and send it to: LISTSERV@LIST.ETSI.FR Then you may send a message to the list at : EL-SIGN@LIST.ETSI.FR Mail archive are available at: http://list.etsi.fr/el-sign.html The web page from ETSI on Electronic Signature (ES) Standardisation is: http://www.etsi.org/sec/el-sign.htm About ETSI SEC ETSI SEC is the technical body within ETSI carrying the main responsibility for security infrastructures and services in the telecom environment. As such, ETSI SEC devotes special interest to interoperability issues at the communication and transaction levels as well as to relevant aspects of trust relationships. One of the ETSI SEC working groups, the Electronic Signature and Infrastructures (ESI) WG is in charge of present and future ETSI activities related to the EESSI work program.
Received on Tuesday, 28 September 1999 16:05:30 UTC